For several days, we've seen SYN/ACK packets directed to unused addresses
within our address space. TCP source port is often a well-known port like
Telnet, Http, etc. Destination port is generally above 1024, and is mostly
either 1974 or 1829. At first, the packets were all coming from a single
network. We suspected that we were the spoofed side of a SYN flood attack
and notified the other network contact. Later, the traffic from that
network stopped, and we now see the traffic coming in from a variety of
outside networks.
The volume is too low to cause us DOS problems, but we're scratching our
heads as to what this is about. Any clues?
--
W.C. Epperson
Chief Systems Engineer
Va. Dept. of Education
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
